reports

Pwn2Own Vancouver 2023 to Put Tesla to the Test

Posted on March 18, 2023 by Admin

At Trend Micro, we’ve always said that cybersecurity is a team sport. But what happens when you put those teams in competition with each other? We believe you create the conditions in which the world’s best hackers thrive. And ultimately, you make the connected world safer in the process. That’s the philosophy of our Zero Day Initiative’s Pwn2Own competition. For the past 15+ years, teams from across the globe have battled each other for big…

S4x23 Review Part 2: Evolving Energy Cybersecurity

Posted on March 13, 2023March 13, 2023 by Admin

While public-private partnerships may have been successful for large businesses, small businesses with limited financial and human assets still face challenges. The 100-day plan has certainly advanced cybersecurity in the energy sector by focusing on ICS security and grid security and facilitating coordination between public and private entities and agencies. However, challenges have been raised in the areas of information sharing among small utilities, solutions tailored for them, and sustainable initiatives. Innovative threat intelligence and…

Emotet Returns, Now Adopts Binary Padding for Evasion

Posted on March 13, 2023March 14, 2023 by Admin

Once a user enables macros for the malicious document, it will download a ZIP file will from one of seven hardcoded and obfuscated URLs (which will be iterated through until the file is successfully retrieved): hxxps://midcoastsupplies.com[.]au/configNQS/Es2oE4GEH7fbZ/ hxxp://mtp.evotek[.]vn/wp-content/L/ hxxp://www.189dom[.]com/xue80/C0aJr5tfI5Pvi8m/ hxxps://esentai-gourmet[.]kz/404/EDt0f/ hxxp://139.219.4[.]166/wp-includes/XXrRaJtiutdHn7N13/ hxxps://www.snaptikt[.]com/wp-includes/aM4Cz6wp2K4sfQ/ hxxps://diasgallery[.]com:443/about/R/ The macro will then check if the response is 200 (indicating a success retrieval of the file). If so, it will then check if that file is either a PE File or a…

Examining Ransomware Payments From a Data-Science Lens

Posted on March 9, 2023March 10, 2023 by Admin

In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be telling of its persistence methods, the tactics, techniques,…

Expanding Attack Blueprints 2022 Annual Cybersecurity Report

Posted on March 7, 2023March 9, 2023 by Admin

The year 2022 — which was beset with economic turmoil, supply chain problems, and even a war — proved to be an arduous year for organizations not just offline, but online, too. While businesses worked overtime to keep their organizations protected against threats amid challenges and shortages, malicious actors also toiled around the clock to keep their criminal operations running. This is evidenced by the 146.4 billion threats we detected and blocked in 2022, a…

S4x23 Review Part 1: What’s New in OT Security

Posted on March 3, 2023March 3, 2023 by Admin

In this blog, I will introduce discussions from S4 over several posts. The first installment will cover two topics from the academic interviews. Interview with Michael Fischerkeller – Author of Cyber Persistence Theory Fischerkeller is a senior researcher in the Institute for Defense Analyses and has been involved in shaping US government security policy for over 25 years. Based on this experience, he published “Cyber Persistence Theory” with two co-authors, aiming to bridge the gap…

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

Posted on March 2, 2023March 2, 2023 by Admin

The CVEs used by the top five groups varied in severity (Figure 2), though most of these CVEs had a score of at least 7.2 on the Common Vulnerability Scoring System (CVSS). As Figure 3 shows, the bulk of these vulnerabilities were exploited as a means of privilege escalation at 54.3%, followed by those for remote code execution (RCE) at 17.4%. Vulnerabilities exploited by the top five ransomware groups CVE-2021-30119, which has the lowest CVSS…

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Posted on March 2, 2023March 2, 2023 by Admin

Security recommendations and Trend Micro solutions Email-related threats are becoming increasingly sophisticated and harder to spot. Back in the day, bad grammar and an exaggerated sense of urgency were enough tell-tale signs of malicious emails. Nowadays, malicious actors have evolved to mimic the voice and tone of the character they’re trying to pretend to be and at times, are prepared to play the long con. To successfully combat spam or phishing threats, organizations must…

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

Posted on March 1, 2023March 1, 2023 by Admin

The persistence is ensured by copying a script similarly named as the current filename to the /usr/lib/systemd/system/ directory, and creating a symlink to this file in the /etc/ystem/system/multi-user.target.wants/ directory. Thus, this method only works if the current process has root privileges. The content of the script is: [Unit]Description=xxx[Service]Type=forkingExecStart=<path to current file> -xExecStop=/usr/bin/id[Install]WantedBy=multi-user.target After running the code dependent on the parameters, if the operator has not chosen a GUID with the “-f” parameter, the malware generates…

A Deep Dive into the Evolution of Ransomware Part 3

Posted on February 27, 2023February 28, 2023 by Admin

A Deep Dive into the Evolution of Ransomware Part 3 Privacy & Risks This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends. By: Trend Micro February 27, 2023 Read time: ( words) Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises –…

« 1 2 3 4 5 … 27 »

S4x23 Review Part 2: Evolving Energy Cybersecurity

Emotet Returns, Now Adopts Binary Padding for Evasion

Examining Ransomware Payments From a Data-Science Lens

Expanding Attack Blueprints 2022 Annual Cybersecurity Report

S4x23 Review Part 1: What’s New in OT Security

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

A Deep Dive into the Evolution of Ransomware Part 3

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)